Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

CORS access to $http response headers broken in Firefox -- consider workaround for bugzilla 608735 #1468

Closed
fredsa opened this issue Oct 17, 2012 · 10 comments

Comments

@fredsa
Copy link
Contributor

fredsa commented Oct 17, 2012

Mozilla has a long outstanding which causes xhr.getAllResponseHeaders() to be empty / missing so-called simple response headers for CORS requests. See https://bugzilla.mozilla.org/show_bug.cgi?id=608735 for details.

Until this bug is fixed, I was hoping Angular could add a workaround for Firefox users and use xhr.getResponseHeader() instead.

@abtris
Copy link

abtris commented Jan 8, 2013

@willthemoor
Copy link
Contributor

Lost an afternoon to this one. :( I looked into the angular source to see if I could patch a work around for the Firefox bug myself but came up empty.

Created a plunk to illustrate the issue. http://plnkr.co/edit/hiTtKI Try it in webkit and firefox to see where firefox is coming up short.

Unfortunately, it's kind of a show stopper for me. The API I'm targeting uses response headers to communicate pagination information (currentpage, totalpages....)

@willthemoor
Copy link
Contributor

The PR doesn't pass custom headers through because it's looping on a fixed set of headers. If you need custom headers included (I did), you'll need to manually extend the array in the angular.js file.

simpleHeaders = ["Cache-Control", "Content-Language", "Content-Type",
"Expires", "Last-Modified", "Pragma",
"myAwesomeHeader", "other-header", "oatmeal"];

@IgorMinar
Copy link
Contributor

This bug was just fixed in FF. See bugzilla. I still think that we should include the workaround since it will take some time for the fix to propagate into the install base.

vojtajina pushed a commit to vojtajina/angular.js that referenced this issue Feb 15, 2013
A workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=608735
In FF getAllResponseHeaders() returns null if the request is the result of CORS.

Tried to format the code so that when a FF patch is released and gains enough
traction it can easily be selected and deleted. Heavily inspired by jQuery's
patch for the same bug. This patch falls short of passing through custom headers
but covers all of the "simple response headers" in the spec at
http://www.w3.org/TR/cors/

This commit should get reverted once Firefox 21 gets out.

Closes angular#1468

Conflicts:
	src/ng/httpBackend.js
@kkurni
Copy link

kkurni commented Feb 25, 2013

How about custom header with firefox ?

From the changes, I only can see simple header but not custom header.

Is there any other patch regarding this ?

Thanks

@willthemoor
Copy link
Contributor

@kkurni You'll have to add them manually (that's what I did). Could probably do this via new config option but I'm not clear on the guidelines there.

@kkurni
Copy link

kkurni commented Feb 26, 2013

Where do you add them?

is that changing the code?

I would love to add them in the config.

Thanks

Sent from my iPhone

On 27/02/2013, at 5:59 AM, Will Moore [email protected] wrote:

@kkurni https://github.com/kkurni You'll have to add them manually
(that's what I did). Could probably do this via new config option but I'm
not clear on the guidelines there.


Reply to this email directly or view it on
GitHubhttps://github.com//issues/1468#issuecomment-14132682
.

@willthemoor
Copy link
Contributor

@kkurni yep, it involves hacking on the source. This comment explains the how/where if you want to do it. #1468 (comment)

@tiw
Copy link

tiw commented Apr 3, 2013

According to http://www.w3.org/TR/cors/ 6.2 Preflight Request
The user should have chance to get the headers other than "simple" headers.
Now just the simple headers are returned.

I think allowed headers should be set according to the response headers of Access-Control-Allow-Headers.
Not just using a hardcode Arrray like
simpleHeaders = ["Cache-Control", "Content-Language", "Content-Type",
"Expires", "Last-Modified", "Pragma"];

@kkurni
Copy link

kkurni commented Apr 3, 2013

android browser unable to retreive this custom header.

Sent from my iPhone

On 03/04/2013, at 7:29 PM, Ting Wang [email protected] wrote:

According to http://www.w3.org/TR/cors/ 6.2 Preflight Request
The user should habe change to get the heders other than "simple" header.
Now just the simple headers are returned.

I think allowed headers should be set according to the response headers of
Access-Control-Allow-Headers.


Reply to this email directly or view it on
GitHubhttps://github.com//issues/1468#issuecomment-15824456
.

btford pushed a commit to btford/angular.js that referenced this issue Oct 1, 2013
jamesdaily pushed a commit to jamesdaily/angular.js that referenced this issue Jan 27, 2014
jamesdaily pushed a commit to jamesdaily/angular.js that referenced this issue Jan 27, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants